diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Kconfig | 32 | ||||
| -rw-r--r-- | lib/Makefile | 10 | ||||
| -rw-r--r-- | lib/charset.c | 11 | ||||
| -rw-r--r-- | lib/efi_loader/efi_boottime.c | 10 | ||||
| -rw-r--r-- | lib/efi_loader/efi_console.c | 4 | ||||
| -rw-r--r-- | lib/efi_loader/efi_device_path.c | 1 | ||||
| -rw-r--r-- | lib/efi_loader/efi_file.c | 48 | ||||
| -rw-r--r-- | lib/efi_loader/efi_net.c | 1 | ||||
| -rw-r--r-- | lib/efi_loader/efi_runtime.c | 16 | ||||
| -rw-r--r-- | lib/efi_loader/efi_variable.c | 6 | ||||
| -rw-r--r-- | lib/efi_selftest/efi_selftest_block_device.c | 30 | ||||
| -rw-r--r-- | lib/efi_selftest/efi_selftest_controllers.c | 2 | ||||
| -rw-r--r-- | lib/fdtdec.c | 127 | ||||
| -rw-r--r-- | lib/hang.c | 5 | ||||
| -rw-r--r-- | lib/tpm-common.c | 10 | ||||
| -rw-r--r-- | lib/tpm-v1.c | 68 |
16 files changed, 238 insertions, 143 deletions
diff --git a/lib/Kconfig b/lib/Kconfig index 622f3c26c3..ccab426e12 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -185,6 +185,28 @@ config TPM for the low-level TPM interface, but only one TPM is supported at a time by the TPM library. +config SPL_TPM + bool "Trusted Platform Module (TPM) Support in SPL" + depends on SPL_DM + help + This enables support for TPMs which can be used to provide security + features for your board. The TPM can be connected via LPC or I2C + and a sandbox TPM is provided for testing purposes. Use the 'tpm' + command to interactive the TPM. Driver model support is provided + for the low-level TPM interface, but only one TPM is supported at + a time by the TPM library. + +config TPL_TPM + bool "Trusted Platform Module (TPM) Support in TPL" + depends on TPL_DM + help + This enables support for TPMs which can be used to provide security + features for your board. The TPM can be connected via LPC or I2C + and a sandbox TPM is provided for testing purposes. Use the 'tpm' + command to interactive the TPM. Driver model support is provided + for the low-level TPM interface, but only one TPM is supported at + a time by the TPM library. + endmenu menu "Android Verified Boot" @@ -331,6 +353,16 @@ config SPL_OF_LIBFDT particular compatible nodes. The library operates on a flattened version of the device tree. +config TPL_OF_LIBFDT + bool "Enable the FDT library for TPL" + default y if TPL_OF_CONTROL + help + This enables the FDT library (libfdt). It provides functions for + accessing binary device tree images in memory, such as adding and + removing nodes and properties, scanning through the tree and finding + particular compatible nodes. The library operates on a flattened + version of the device tree. + config FDT_FIXUP_PARTITIONS bool "overwrite MTD partitions in DTS through defined in 'mtdparts'" depends on OF_LIBFDT diff --git a/lib/Makefile b/lib/Makefile index f169644850..fb6944128a 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -45,14 +45,18 @@ obj-$(CONFIG_PHYSMEM) += physmem.o obj-y += qsort.o obj-y += rc4.o obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o -obj-$(CONFIG_TPM) += tpm-common.o -obj-$(CONFIG_TPM_V1) += tpm-v1.o -obj-$(CONFIG_TPM_V2) += tpm-v2.o obj-$(CONFIG_RBTREE) += rbtree.o obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif +obj-$(CONFIG_$(SPL_TPL_)TPM) += tpm-common.o +ifeq ($(CONFIG_$(SPL_TPL_)TPM),y) +obj-y += crc8.o +obj-$(CONFIG_TPM_V1) += tpm-v1.o +obj-$(CONFIG_TPM_V2) += tpm-v2.o +endif + obj-$(CONFIG_RSA) += rsa/ obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o diff --git a/lib/charset.c b/lib/charset.c index 0cede9b60b..10557b9e75 100644 --- a/lib/charset.c +++ b/lib/charset.c @@ -97,12 +97,17 @@ static u8 read_string(void *data) /** * read_console() - read byte from console * - * @src - not used, needed to match interface - * Return: - byte read + * @data - not used, needed to match interface + * Return: - byte read or 0 on error */ static u8 read_console(void *data) { - return getc(); + int ch; + + ch = getc(); + if (ch < 0) + ch = 0; + return ch; } int console_read_unicode(s32 *code) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 97eb19cd14..da978d2b34 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -1599,7 +1599,7 @@ static efi_status_t EFIAPI efi_load_image(bool boot_policy, efi_uintn_t source_size, efi_handle_t *image_handle) { - struct efi_loaded_image *info; + struct efi_loaded_image *info = NULL; struct efi_loaded_image_obj **image_obj = (struct efi_loaded_image_obj **)image_handle; efi_status_t ret; @@ -2023,7 +2023,7 @@ static efi_status_t EFIAPI efi_open_protocol_information( /* Copy entries */ buffer_size = count * sizeof(struct efi_open_protocol_info_entry); - r = efi_allocate_pool(EFI_ALLOCATE_ANY_PAGES, buffer_size, + r = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, buffer_size, (void **)entry_buffer); if (r != EFI_SUCCESS) goto out; @@ -2080,7 +2080,7 @@ static efi_status_t EFIAPI efi_protocols_per_handle( size_t j = 0; buffer_size = sizeof(efi_guid_t *) * *protocol_buffer_count; - r = efi_allocate_pool(EFI_ALLOCATE_ANY_PAGES, buffer_size, + r = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, buffer_size, (void **)protocol_buffer); if (r != EFI_SUCCESS) return EFI_EXIT(r); @@ -2133,7 +2133,7 @@ static efi_status_t EFIAPI efi_locate_handle_buffer( *buffer); if (r != EFI_BUFFER_TOO_SMALL) goto out; - r = efi_allocate_pool(EFI_ALLOCATE_ANY_PAGES, buffer_size, + r = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, buffer_size, (void **)buffer); if (r != EFI_SUCCESS) goto out; @@ -2506,7 +2506,7 @@ static efi_status_t efi_protocol_open( if (item->info.attributes & EFI_OPEN_PROTOCOL_BY_DRIVER) opened_by_driver = true; } - /* Only one controller can be conncected */ + /* Only one controller can be connected */ if (opened_by_driver) return EFI_ACCESS_DENIED; } diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c index 7ecdbb1666..0225222a61 100644 --- a/lib/efi_loader/efi_console.c +++ b/lib/efi_loader/efi_console.c @@ -1045,8 +1045,10 @@ static void EFIAPI efi_key_notify(struct efi_event *event, void *context) * efi_console_register() - install the console protocols * * This function is called from do_bootefi_exec(). + * + * Return: status code */ -int efi_console_register(void) +efi_status_t efi_console_register(void) { efi_status_t r; struct efi_object *efi_console_output_obj; diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c index 5a61a1c1dc..46a24f7882 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -382,7 +382,6 @@ struct efi_device_path *efi_dp_get_next_instance(struct efi_device_path **dp, *size = 0; if (!dp || !*dp) return NULL; - p = *dp; sz = efi_dp_instance_size(*dp); p = dp_alloc(sz + sizeof(END)); if (!p) diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c index 0753a36a20..beb4fba917 100644 --- a/lib/efi_loader/efi_file.c +++ b/lib/efi_loader/efi_file.c @@ -52,11 +52,18 @@ static int set_blk_dev(struct file_handle *fh) return fs_set_blk_dev_with_part(fh->fs->desc, fh->fs->part); } +/** + * is_dir() - check if file handle points to directory + * + * We assume that set_blk_dev(fh) has been called already. + * + * @fh: file handle + * Return: true if file handle points to a directory + */ static int is_dir(struct file_handle *fh) { struct fs_dir_stream *dirs; - set_blk_dev(fh); dirs = fs_opendir(fh->path); if (!dirs) return 0; @@ -436,28 +443,51 @@ error: return EFI_EXIT(ret); } +/** + * efi_file_getpos() - get current position in file + * + * This function implements the GetPosition service of the EFI file protocol. + * See the UEFI spec for details. + * + * @file: file handle + * @pos: pointer to file position + * Return: status code + */ static efi_status_t EFIAPI efi_file_getpos(struct efi_file_handle *file, - efi_uintn_t *pos) + u64 *pos) { + efi_status_t ret = EFI_SUCCESS; struct file_handle *fh = to_fh(file); EFI_ENTRY("%p, %p", file, pos); - if (fh->offset <= SIZE_MAX) { - *pos = fh->offset; - return EFI_EXIT(EFI_SUCCESS); - } else { - return EFI_EXIT(EFI_DEVICE_ERROR); + if (fh->isdir) { + ret = EFI_UNSUPPORTED; + goto out; } + + *pos = fh->offset; +out: + return EFI_EXIT(ret); } +/** + * efi_file_setpos() - set current position in file + * + * This function implements the SetPosition service of the EFI file protocol. + * See the UEFI spec for details. + * + * @file: file handle + * @pos: new file position + * Return: status code + */ static efi_status_t EFIAPI efi_file_setpos(struct efi_file_handle *file, - efi_uintn_t pos) + u64 pos) { struct file_handle *fh = to_fh(file); efi_status_t ret = EFI_SUCCESS; - EFI_ENTRY("%p, %zu", file, pos); + EFI_ENTRY("%p, %llu", file, pos); if (fh->isdir) { if (pos != 0) { diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c index 034d0d2ed0..4e8b2d597d 100644 --- a/lib/efi_loader/efi_net.c +++ b/lib/efi_loader/efi_net.c @@ -7,7 +7,6 @@ #include <common.h> #include <efi_loader.h> -#include <lcd.h> #include <malloc.h> static const efi_guid_t efi_net_guid = EFI_SIMPLE_NETWORK_GUID; diff --git a/lib/efi_loader/efi_runtime.c b/lib/efi_loader/efi_runtime.c index c5fbd91fa3..f059dc97fd 100644 --- a/lib/efi_loader/efi_runtime.c +++ b/lib/efi_loader/efi_runtime.c @@ -41,9 +41,13 @@ static efi_status_t __efi_runtime EFIAPI efi_invalid_parameter(void); #elif defined(__arm__) #define R_RELATIVE R_ARM_RELATIVE #define R_MASK 0xffULL -#elif defined(__x86_64__) || defined(__i386__) +#elif defined(__i386__) #define R_RELATIVE R_386_RELATIVE #define R_MASK 0xffULL +#elif defined(__x86_64__) +#define R_RELATIVE R_X86_64_RELATIVE +#define R_MASK 0xffffffffULL +#define IS_RELA 1 #elif defined(__riscv) #define R_RELATIVE R_RISCV_RELATIVE #define R_MASK 0xffULL @@ -358,7 +362,8 @@ void efi_runtime_relocate(ulong offset, struct efi_mem_desc *map) p = (void*)((ulong)rel->offset - base) + gd->relocaddr; - debug("%s: rel->info=%#lx *p=%#lx rel->offset=%p\n", __func__, rel->info, *p, rel->offset); + debug("%s: rel->info=%#lx *p=%#lx rel->offset=%p\n", __func__, + rel->info, *p, rel->offset); switch (rel->info & R_MASK) { case R_RELATIVE: @@ -377,6 +382,9 @@ void efi_runtime_relocate(ulong offset, struct efi_mem_desc *map) } #endif default: + if (!efi_runtime_tobedetached(p)) + printf("%s: Unknown relocation type %llx\n", + __func__, rel->info & R_MASK); continue; } @@ -385,8 +393,8 @@ void efi_runtime_relocate(ulong offset, struct efi_mem_desc *map) newaddr > (map->virtual_start + (map->num_pages << EFI_PAGE_SHIFT)))) { if (!efi_runtime_tobedetached(p)) - printf("U-Boot EFI: Relocation at %p is out of " - "range (%lx)\n", p, newaddr); + printf("%s: Relocation at %p is out of " + "range (%lx)\n", __func__, p, newaddr); continue; } diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index a1313fa215..19d9cb865f 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -294,8 +294,10 @@ efi_status_t EFIAPI efi_set_variable(u16 *variable_name, efi_guid_t *vendor, } val = malloc(2 * data_size + strlen("{ro,run,boot}(blob)") + 1); - if (!val) - return EFI_EXIT(EFI_OUT_OF_RESOURCES); + if (!val) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } s = val; diff --git a/lib/efi_selftest/efi_selftest_block_device.c b/lib/efi_selftest/efi_selftest_block_device.c index 1cd13042e9..d4e4fac1c7 100644 --- a/lib/efi_selftest/efi_selftest_block_device.c +++ b/lib/efi_selftest/efi_selftest_block_device.c @@ -308,6 +308,7 @@ static int execute(void) } system_info; efi_uintn_t buf_size; char buf[16] __aligned(ARCH_DMA_MINALIGN); + u64 pos; /* Connect controller to virtual disk */ ret = boottime->connect_controller(disk_handle, NULL, NULL, 1); @@ -392,21 +393,36 @@ static int execute(void) efi_st_error("Failed to open file\n"); return EFI_ST_FAILURE; } + ret = file->setpos(file, 1); + if (ret != EFI_SUCCESS) { + efi_st_error("SetPosition failed\n"); + return EFI_ST_FAILURE; + } buf_size = sizeof(buf) - 1; ret = file->read(file, &buf_size, buf); if (ret != EFI_SUCCESS) { efi_st_error("Failed to read file\n"); return EFI_ST_FAILURE; } - if (buf_size != 13) { + if (buf_size != 12) { efi_st_error("Wrong number of bytes read: %u\n", (unsigned int)buf_size); return EFI_ST_FAILURE; } - if (efi_st_memcmp(buf, "Hello world!", 12)) { + if (efi_st_memcmp(buf, "ello world!", 11)) { efi_st_error("Unexpected file content\n"); return EFI_ST_FAILURE; } + ret = file->getpos(file, &pos); + if (ret != EFI_SUCCESS) { + efi_st_error("GetPosition failed\n"); + return EFI_ST_FAILURE; + } + if (pos != 13) { + efi_st_error("GetPosition returned %u, expected 13\n", + (unsigned int)pos); + return EFI_ST_FAILURE; + } ret = file->close(file); if (ret != EFI_SUCCESS) { efi_st_error("Failed to close file\n"); @@ -434,6 +450,16 @@ static int execute(void) efi_st_error("Failed to close file\n"); return EFI_ST_FAILURE; } + ret = file->getpos(file, &pos); + if (ret != EFI_SUCCESS) { + efi_st_error("GetPosition failed\n"); + return EFI_ST_FAILURE; + } + if (pos != 7) { + efi_st_error("GetPosition returned %u, expected 7\n", + (unsigned int)pos); + return EFI_ST_FAILURE; + } /* Verify file */ boottime->set_mem(buf, sizeof(buf), 0); diff --git a/lib/efi_selftest/efi_selftest_controllers.c b/lib/efi_selftest/efi_selftest_controllers.c index ceefa03444..d08c377c72 100644 --- a/lib/efi_selftest/efi_selftest_controllers.c +++ b/lib/efi_selftest/efi_selftest_controllers.c @@ -134,6 +134,8 @@ static efi_status_t EFIAPI start( /* Create child controllers */ for (i = 0; i < NUMBER_OF_CHILD_CONTROLLERS; ++i) { + /* Creating a new handle for the child controller */ + handle_child_controller[i] = 0; ret = boottime->install_protocol_interface( &handle_child_controller[i], &guid_child_controller, EFI_NATIVE_INTERFACE, NULL); diff --git a/lib/fdtdec.c b/lib/fdtdec.c index 74196ce7f9..a420ba1885 100644 --- a/lib/fdtdec.c +++ b/lib/fdtdec.c @@ -15,7 +15,6 @@ #include <serial.h> #include <asm/sections.h> #include <linux/ctype.h> -#include <linux/ioport.h> #include <linux/lzo.h> DECLARE_GLOBAL_DATA_PTR; @@ -922,28 +921,6 @@ char *fdtdec_get_config_string(const void *blob, const char *prop_name) return (char *)nodep; } -int fdtdec_decode_region(const void *blob, int node, const char *prop_name, - fdt_addr_t *basep, fdt_size_t *sizep) -{ - const fdt_addr_t *cell; - int len; - - debug("%s: %s: %s\n", __func__, fdt_get_name(blob, node, NULL), - prop_name); - cell = fdt_getprop(blob, node, prop_name, &len); - if (!cell || (len < sizeof(fdt_addr_t) * 2)) { - debug("cell=%p, len=%d\n", cell, len); - return -1; - } - - *basep = fdt_addr_to_cpu(*cell); - *sizep = fdt_size_to_cpu(cell[1]); - debug("%s: base=%08lx, size=%lx\n", __func__, (ulong)*basep, - (ulong)*sizep); - - return 0; -} - u64 fdtdec_get_number(const fdt32_t *ptr, unsigned int cells) { u64 number = 0; @@ -1002,67 +979,6 @@ int fdt_get_named_resource(const void *fdt, int node, const char *property, return fdt_get_resource(fdt, node, property, index, res); } -int fdtdec_decode_memory_region(const void *blob, int config_node, - const char *mem_type, const char *suffix, - fdt_addr_t *basep, fdt_size_t *sizep) -{ - char prop_name[50]; - const char *mem; - fdt_size_t size, offset_size; - fdt_addr_t base, offset; - int node; - - if (config_node == -1) { - config_node = fdt_path_offset(blob, "/config"); - if (config_node < 0) { - debug("%s: Cannot find /config node\n", __func__); - return -ENOENT; - } - } - if (!suffix) - suffix = ""; - - snprintf(prop_name, sizeof(prop_name), "%s-memory%s", mem_type, - suffix); - mem = fdt_getprop(blob, config_node, prop_name, NULL); - if (!mem) { - debug("%s: No memory type for '%s', using /memory\n", __func__, - prop_name); - mem = "/memory"; - } - - node = fdt_path_offset(blob, mem); - if (node < 0) { - debug("%s: Failed to find node '%s': %s\n", __func__, mem, - fdt_strerror(node)); - return -ENOENT; - } - - /* - * Not strictly correct - the memory may have multiple banks. We just - * use the first - */ - if (fdtdec_decode_region(blob, node, "reg", &base, &size)) { - debug("%s: Failed to decode memory region %s\n", __func__, - mem); - return -EINVAL; - } - - snprintf(prop_name, sizeof(prop_name), "%s-offset%s", mem_type, - suffix); - if (fdtdec_decode_region(blob, config_node, prop_name, &offset, - &offset_size)) { - debug("%s: Failed to decode memory region '%s'\n", __func__, - prop_name); - return -EINVAL; - } - - *basep = base + offset; - *sizep = offset_size; - - return 0; -} - static int decode_timing_property(const void *blob, int node, const char *name, struct timing_entry *result) { @@ -1182,34 +1098,41 @@ int fdtdec_setup_mem_size_base(void) #if defined(CONFIG_NR_DRAM_BANKS) -static ofnode get_next_memory_node(ofnode mem) +static int get_next_memory_node(const void *blob, int mem) { do { - mem = ofnode_by_prop_value(mem, "device_type", "memory", 7); - } while (ofnode_valid(mem) && !ofnode_is_available(mem)); + mem = fdt_node_offset_by_prop_value(gd->fdt_blob, mem, + "device_type", "memory", 7); + } while (!fdtdec_get_is_enabled(blob, mem)); return mem; } int fdtdec_setup_memory_banksize(void) { - int bank, reg = 0; - struct resource res; - ofnode mem; + int bank, ret, mem, reg = 0; + struct fdt_resource res; - mem = get_next_memory_node(ofnode_null()); - if (!ofnode_valid(mem)) - goto missing_node; + mem = get_next_memory_node(gd->fdt_blob, -1); + if (mem < 0) { + debug("%s: Missing /memory node\n", __func__); + return -EINVAL; + } for (bank = 0; bank < CONFIG_NR_DRAM_BANKS; bank++) { - while (ofnode_read_resource(mem, reg++, &res)) { + ret = fdt_get_resource(gd->fdt_blob, mem, "reg", reg++, &res); + if (ret == -FDT_ERR_NOTFOUND) { reg = 0; - mem = get_next_memory_node(mem); - if (!ofnode_valid(mem)) { - if (bank) - return 0; - goto missing_node; - } + mem = get_next_memory_node(gd->fdt_blob, mem); + if (mem == -FDT_ERR_NOTFOUND) + break; + + ret = fdt_get_resource(gd->fdt_blob, mem, "reg", reg++, &res); + if (ret == -FDT_ERR_NOTFOUND) + break; + } + if (ret != 0) { + return -EINVAL; } gd->bd->bi_dram[bank].start = (phys_addr_t)res.start; @@ -1223,10 +1146,6 @@ int fdtdec_setup_memory_banksize(void) } return 0; - -missing_node: - debug("%s: Missing /memory node\n", __func__); - return -EINVAL; } #endif diff --git a/lib/hang.c b/lib/hang.c index bf56f4c662..c5a78694be 100644 --- a/lib/hang.c +++ b/lib/hang.c @@ -20,8 +20,9 @@ */ void hang(void) { -#if !defined(CONFIG_SPL_BUILD) || (defined(CONFIG_SPL_LIBCOMMON_SUPPORT) && \ - defined(CONFIG_SPL_SERIAL_SUPPORT)) +#if !defined(CONFIG_SPL_BUILD) || \ + (CONFIG_IS_ENABLED(LIBCOMMON_SUPPORT) && \ + CONFIG_IS_ENABLED(SERIAL_SUPPORT)) puts("### ERROR ### Please RESET the board ###\n"); #endif bootstage_error(BOOTSTAGE_ID_NEED_RESET); diff --git a/lib/tpm-common.c b/lib/tpm-common.c index 43b530865a..a440639cec 100644 --- a/lib/tpm-common.c +++ b/lib/tpm-common.c @@ -4,6 +4,8 @@ * Coypright (c) 2013 Guntermann & Drunck GmbH */ +#define LOG_CATEGORY UCLASS_TPM + #include <common.h> #include <dm.h> #include <asm/unaligned.h> @@ -110,6 +112,8 @@ int unpack_byte_string(const u8 *str, size_t size, const char *format, ...) if (offset + length > size) { va_end(args); + log_err("Failed to read: size=%d, offset=%x, len=%x\n", + size, offset, length); return -1; } @@ -176,10 +180,10 @@ u32 tpm_sendrecv_command(const void *command, void *response, size_t *size_ptr) ret = tpm_return_code(response); - log(LOGC_NONE, LOGL_DEBUG, "TPM response [ret:%d]: ", ret); + log_debug("TPM response [ret:%d]: ", ret); for (i = 0; i < response_length; i++) - log(LOGC_NONE, LOGL_DEBUG, "%02x ", ((u8 *)response)[i]); - log(LOGC_NONE, LOGL_DEBUG, "\n"); + log_debug("%02x ", ((u8 *)response)[i]); + log_debug("\n"); return ret; } diff --git a/lib/tpm-v1.c b/lib/tpm-v1.c index 7aecb24f92..9d45c3d3bf 100644 --- a/lib/tpm-v1.c +++ b/lib/tpm-v1.c @@ -4,6 +4,8 @@ * Coypright (c) 2013 Guntermann & Drunck GmbH */ +#define LOG_CATEGORY UCLASS_TPM + #include <common.h> #include <dm.h> #include <asm/unaligned.h> @@ -45,6 +47,11 @@ u32 tpm_startup(enum tpm_startup_type mode) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_resume(void) +{ + return tpm_startup(TPM_ST_STATE); +} + u32 tpm_self_test_full(void) { const u8 command[10] = { @@ -61,6 +68,34 @@ u32 tpm_continue_self_test(void) return tpm_sendrecv_command(command, NULL, NULL); } +u32 tpm_clear_and_reenable(void) +{ + u32 ret; + + log_info("TPM: Clear and re-enable\n"); + ret = tpm_force_clear(); + if (ret != TPM_SUCCESS) { + log_err("Can't initiate a force clear\n"); + return ret; + } + +#if IS_ENABLED(CONFIG_TPM_V1) + ret = tpm_physical_enable(); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set enabled state\n"); + return ret; + } + + ret = tpm_physical_set_deactivated(0); + if (ret != TPM_SUCCESS) { + log_err("TPM: Can't set deactivated state\n"); + return ret; + } +#endif + + return TPM_SUCCESS; +} + u32 tpm_nv_define_space(u32 index, u32 perm, u32 size) { const u8 command[101] = { @@ -104,6 +139,11 @@ u32 tpm_nv_define_space(u32 index, u32 perm, u32 size) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_nv_set_locked(void) +{ + return tpm_nv_define_space(TPM_NV_INDEX_LOCK, 0, 0); +} + u32 tpm_nv_read_value(u32 index, void *data, u32 count) { const u8 command[22] = { @@ -168,6 +208,13 @@ u32 tpm_nv_write_value(u32 index, const void *data, u32 length) return 0; } +uint32_t tpm_set_global_lock(void) +{ + u32 x; + + return tpm_nv_write_value(TPM_NV_INDEX_0, (uint8_t *)&x, 0); +} + u32 tpm_extend(u32 index, const void *in_digest, void *out_digest) { const u8 command[34] = { @@ -243,6 +290,15 @@ u32 tpm_tsc_physical_presence(u16 presence) return tpm_sendrecv_command(buf, NULL, NULL); } +u32 tpm_finalise_physical_presence(void) +{ + const u8 command[12] = { + 0x0, 0xc1, 0x0, 0x0, 0x0, 0xc, 0x40, 0x0, 0x0, 0xa, 0x2, 0xa0, + }; + + return tpm_sendrecv_command(command, NULL, NULL); +} + u32 tpm_read_pubek(void *data, size_t count) { const u8 command[30] = { @@ -377,13 +433,19 @@ u32 tpm_get_permanent_flags(struct tpm_permanent_flags *pflags) if (err) return err; if (unpack_byte_string(response, response_length, "d", - data_size_offset, &data_size)) + data_size_offset, &data_size)) { + log_err("Cannot unpack data size\n"); return TPM_LIB_ERROR; - if (data_size < sizeof(*pflags)) + } + if (data_size < sizeof(*pflags)) { + log_err("Data size too small\n"); return TPM_LIB_ERROR; + } if (unpack_byte_string(response, response_length, "s", - data_offset, pflags, sizeof(*pflags))) + data_offset, pflags, sizeof(*pflags))) { + log_err("Cannot unpack pflags\n"); return TPM_LIB_ERROR; + } return 0; } |